CVE-2012-6047

Name of the Vulnerable Software and Affected Versions X7 Chat versions 2.0.5.1 and earlier

Description A cross-site request forgery issue allows remote attackers to hijack the authentication of administrators for requests that add a user to an arbitrary group via the "users page" in an "adminpanel action" to "index.php".

Recommendations For versions 2.0.5.1 and earlier, as a temporary workaround, consider restricting access to the adminpanel action in index.php until a patch is available. Avoid using the users page in the adminpanel to add users to groups until the issue is resolved.